- Fixed an issue where specially crafted JPEG images ccould be used to execute arbitrary code, as reported by Tavis Ormandy of the Google Security Team; see our advisory
- Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by Adam Barth; details will be disclosed at a later date.
- Fixed a moderately severe issue; details will be disclosed at a later date.
- Added Untrusted Rootstore Capability:
- Opera downloads only the detailed information about untrusted (blacklisted) certificates when they are encountered
- If download fails for certificate information in the list, Opera considers any certificate matching the ID as untrusted
- Added version conditional fetching of certificate dependencies from an online repository
- Fixed a problem downloading the CRL (Certificate Revocation List)
- Fixed a problem that could cause SSL to deadlock in one state, hanging the connection
- Fixed a problem that could cause the incorrect calculation of Certificate IDs
- Implemented Extended Validation (EV) for cross-signed EV Root Certificates not shipped by default
- Implemented preshipping of the Entrust 2048 CA (Certificate Authority)
- Implemented Root Certificate fetching from an online repository when an intermediate matches a certificate in the repository
- Improved support for weak encryption when importing .p12 private certificates
- Prevented security information documents from being written to disk
- Fixed a problem which created separate feed notifications; Opera now groups them together
- Fixed a problem with the backspace key event in the Flash plug-in
- Fixed a problem with inline find when no text was entered, and the Enter key was pressed
- Fixed an instability error with the 64 bit Linux version
Die neue Version gibt es wie immer hier, oder man setzt in seine /etc/apt/sources.list eine der genannten Repositories ein. Wobei letzteres im Moment ein wenig Fehlerbehaftet zu sein scheint, da aptitude einen Fehler in der Signatur meldet und der “[color=#CC0000]Opera Software Archive Automatic Signing Key[/color]” [color=#CC0000]ungültig[/color] ist.
Ich hoffe, dies wird bald begradigt.